The Digital Citizen survey: A glimpse into security awareness in the workplace

It’s no secret that the frequency and cost of data breaches and cyberattacks are on the rise, and that hacker’s tactics are rapidly evolving. In fact, in a 2018 Security Study, it was found that 100 per cent of the companies surveyed had experienced a cyberattack, suffering an average of 12.5 breaches per year, while spending as much as $5.8 million to recover.

By Jennifer Crisp

At Scalar, we want to ensure that organizations and employees across Canada understand the value of cyber and cloud security best practices. We wanted to understand how employees feel, when faced with the unique challenges that digital workplaces present. We wanted to understand if Canadian organizations were equipping their employees to be knowledgeable, mindful and resilient digital citizens.

So, we went straight to Canada’s workforce and have introduced the inaugural edition of The Digital Citizen: A Canada-Wide Survey on Security Awareness in the Workplace.

Our findings

With The Digital Citizen, we discovered that there is a growing disconnect between the level of preparedness employees feel towards cyber security, compared to the amount of training they receive at work.

At a critical time, when organizations of all sizes are facing more frequent cyber security threats, evolving tactics from hackers and bad actors, and increasingly expensive data breaches, only 40 per cent of Canadians receive training from their employers.

That means 60 per cent of the workforce receive no training at all, and yet 75 per cent of Canadian employees said they feel prepared to handle cyber security attacks in the workplace. Of even greater concern, our research found that seven per cent of Canadian organizations do not take any measures at all to prevent attacks.

The reality is that cyber security and cloud security attacks are a major concern in the workplace, regardless of how prepared employees feel. Of our respondents, one quarter (24 per cent) revealed they have been the target of an attack at work, and a further third (31 per cent) of respondents have been targeted at home.

It is imperative that organizations provide their employees with sufficient training. Of those respondents who did receive training, 93 per cent felt was sufficient, and the overwhelming majority said training helped them mitigate attacks in the workplace (93 percent) and at home (79 per cent).

If this training is so effective, why aren’t 60 per cent of Canadians receiving any? In fact, of those who receive no training, 57 per cent would like to. Furthermore, our survey revealed that one quarter (24 per cent) of Canadian employees have been the target of an attack at work and a further third (31 per cent) of respondents have been targeted at home.

Clearly, there is a need and a disconnect.

Our recommendations

In the ever-evolving digital landscape, cyber and cloud security should be top of mind for organizations and employees alike – in the workplace and at home.

#1 – Understanding the importance of training

Organizations and employees alike need to understand the importance of proper training in a digital workplace. Employees are on the frontlines when it comes to workplace data; they are the most important factor in controlling what data goes into a cloud, or other security system, and knowing how that data is used.

Training in the workplace makes employees vigilant in all aspects of their life, which is what organizations need to foster a secure and sustainable workplace.

#2 – Increase Cloud Security Training

Of the 60 per cent of employees who have received cyber security training from their organization, over half (52 per cent) have never received cloud security training. Further to this, 45 per cent of employees were entirely unsure if their organization has ever experienced a cloud security attack.

Cloud security is a cost-effective and accessible strategy, but dedicated training is imperative. When building cloud security training programs, organizations must be mindful of:

What data is being posted to the cloud andThe importance of protecting user credentials.

Despite its organizational benefits, and unlike on-premises infrastructure, cloud services are public. The majority of breaches we see occur through credential-focused attacks, like phishing.

#3 – Implement Protection Measure for Remote Work

Organizations and employees are increasingly moving toward remote or mobile workplaces. With this, they are also accessing organizational assets from locations that may not have as many, or as complete, corporate security measures in place.

Training on what access is permitted outside of the company network, in addition to what protection is available on their devices, is critical. Some examples of cyber security measures organizations should consider are:

• Implement and increase training for two-step authentication;
• Increase overall cyber security training (for more employees and increased frequency, depending on role);
• Invest in, implement and provide training on the encryption of hard drives; and,
• Establish a central identity repository.

Our methodology

The survey was commissioned by Scalar, sponsored by Cisco and VMware and conducted by Angus Reid. The purpose was to understand how prepared employees of variably sized organizations felt towards cyber security and cloud security risks in the workplace – and whether Canadian organizations are doing enough to prepare their employees to be knowledgeable, mindful and resilient digital citizens in all aspects of digital life.

Between September 10 and September 15, 2019, Angus Reid collected responses from 1,557 English and French respondents, all of whom were employed full-time and are members of the Angus Reid Forum. Respondents came from small (15 to24 employees), medium (25 to249 employees), large (250 to4,999 employees) and enterprise (over 5,000 employees) level organizations across a variety of industries, job functions and demographics. The margins of error for the survey are ±2.5 percentage points, valid 19 times out of 20.

Interested in learning more about The Digital Citizen? Feel free to download the full report here. This article was written by Jennifer Crisp, Manager of Marketing and Communications at Scalar.